Legal claims defining the scope of protection, as filed with the USPTO.
1. A computer-implemented method, comprising: identifying a data use request of a data requestor, wherein the data use request comprises a data type of target data; identifying authorization information of a data owner; generating a data use authorization claim based on the authorization information, wherein the data use authorization claim indicates that the data owner authorizes the data requestor to use data; sending the data use authorization claim to a trusted application (TAPP) in a proxy service provider device, wherein the TAPP corresponds to the data type of the target data; obtaining initial data collected by the TAPP from a data acquisition address in the data use authorization claim, wherein the TAPP is executed in a trusted execution environment (TEE) and is configured to collect the initial data; verifying the initial data to obtain the target data that is successfully verified, wherein the target data comprises a data validity claim indicating a validity of the target data; and sending the target data to the data requestor.
2. The computer-implemented method of claim 1, wherein the initial data is encrypted data encrypted by using a public key corresponding to the TAPP.
3. The computer-implemented method of claim 2, comprising: decrypting the target data by using a private key corresponding to the TAPP after sending the target data to the data requestor.
4. The computer-implemented method of claim 1, comprising: obtaining a first verification result of the TAPP for the data use authorization claim, wherein the first verification result indicates that the data use authorization claim is valid, wherein the data use authorization claim indicates that an approval record of the data use request is valid, and wherein obtaining the initial data collected by the TAPP from the data acquisition address in the data use authorization claim comprises: sending a data acquisition request to the data owner; and receiving the initial data from the data owner.
5. The computer-implemented method of claim 4, wherein the data acquisition request comprises an identifier of the TAPP, the computer-implemented method comprises: receiving a second verification result of the data owner for the identifier of the TAPP, wherein the second verification result indicates that the identifier of the TAPP is same as an identifier of the TAPP provided by the data requestor, and wherein the initial data from the data owner is received in response to the second verification result.
6. The computer-implemented method of claim 1, comprising: before identifying the data use request, obtaining a data directory issued by the data owner in a blockchain network, wherein the data directory comprises data authorized to be disclosed by the data owner.
7. The computer-implemented method of claim 1, wherein identifying authorization information of the data owner comprises: sending an authorization request notification to the data owner based on the data use request, wherein the authorization request notification comprises a uniform resource locator (URL) address; determining an operation behavior of the data owner in a web page corresponding to the URL address; and obtaining the authorization information of the data owner in response to determining that the operation behavior indicates that the data owner agrees to the data use request of the data requestor.
8. The computer-implemented method of claim 1, wherein the initial data is encrypted by using a public key of the data owner, and the computer-implemented method comprises: decrypting the initial data by using a private key of the data owner, wherein the private key is comprised in the data use authorization claim.
9. The computer-implemented method of claim 1 , wherein the data use authorization claim comprises an approval record of the initial data and a data acquisition address of the initial data, wherein the data validity claim comprises a storage address of the initial data, a data type of the initial data, a validity period of the initial data, and a data collection method of the initial data, and wherein the authorization information comprises a scope-of-use of the initial data.
10. A non-transitory, computer-readable medium storing one or more instructions executable by a computer system to perform operations comprising: identifying a data use request of a data requestor, wherein the data use request comprises a data type of target data; identifying authorization information of a data owner; generating a data use authorization claim based on the authorization information, wherein the data use authorization claim indicates that the data owner authorizes the data requestor to use data; sending the data use authorization claim to a trusted application (TAPP) in a proxy service provider device, wherein the TAPP corresponds to the data type of the target data; obtaining initial data collected by the TAPP from a data acquisition address in the data use authorization claim, wherein the TAPP is executed in a trusted execution environment (TEE) and is configured to collect the initial data; verifying the initial data to obtain the target data that is successfully verified, wherein the target data comprises a data validity claim indicating a validity of the target data; and sending the target data to the data requestor.
11. The non-transitory, computer-readable medium of claim 10, comprising: wherein the initial data is encrypted data encrypted by using a public key corresponding to the TAPP.
12. The non-transitory, computer-readable medium of claim 11, comprising: decrypting the target data by using a private key corresponding to the TAPP after sending the target data to the data requestor.
13. The non-transitory, computer-readable medium of claim 10, comprising: obtaining a first verification result of the TAPP for the data use authorization claim, wherein the first verification result indicates that the data use authorization claim is valid, wherein the data use authorization claim indicates that an approval record of the data use request is valid, and wherein obtaining the initial data collected by the TAPP from the data acquisition address in the data use authorization claim comprises: sending a data acquisition request to the data owner; and receiving the initial data from the data owner.
14. A computer-implemented system, comprising: one or more computers; and one or more computer memory devices interoperably coupled with the one or more computers and having tangible, non-transitory, machine-readable media storing one or more instructions that, when executed by the one or more computers, perform one or more operations comprising: identifying a data use request of a data requestor, wherein the data use request comprises a data type of target data; identifying authorization information of a data owner; generating a data use authorization claim based on the authorization information, wherein the data use authorization claim indicates that the data owner authorizes the data requestor to use data; sending the data use authorization claim to a trusted application (TAPP) in a proxy service provider device, wherein the TAPP corresponds to the data type of the target data; obtaining initial data collected by the TAPP from a data acquisition address in the data use authorization claim, wherein the TAPP is executed in a trusted execution environment (TEE) and is configured to collect the initial data; verifying the initial data to obtain the target data that is successfully verified, wherein the target data comprises a data validity claim indicating a validity of the target data; and sending the target data to the data requestor.
15. The computer-implemented system of claim 14, comprising: wherein the initial data is encrypted data encrypted by using a public key corresponding to the TAPP.
June 14, 2022